CVE-2019-19006

Warnung

Medienbericht

Exploit

EPSS 31.61%
Veröffentlicht 21.11.2019 18:15:11
Zuletzt bearbeitet 04.02.2026 15:56:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sangoma ≫ Freepbx Version >= 13.0.0.0 <= 13.0.197.13

Sangoma ≫ Freepbx Version >= 14.0.0.0 <= 14.0.13.11

Sangoma ≫ Freepbx Version >= 15.0.0.0 <= 15.0.16.26

03.02.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Sangoma FreePBX Improper Authentication Vulnerability

Schwachstelle

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	31.61%	0.967

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H